Question

I hope the title is not too misleading (I am pretty much a newb on assembly). I am playing around with the gdb debugger and have some assembly code which goes as follows:

   0x00000000004005d7 <+0>:     push   %rbp
   0x00000000004005d8 <+1>:     mov    %rsp,%rbp
   0x00000000004005db <+4>:     add    $0xffffffffffffff80,%rsp
   0x00000000004005df <+8>:     mov    %rdi,-0x78(%rbp)
   0x00000000004005e3 <+12>:    mov    -0x78(%rbp),%rdx
   0x00000000004005e7 <+16>:    lea    eax, [epb-120]
   0x00000000004005eb <+20>:    mov    %rdx,%rsi
   0x00000000004005ee <+23>:    mov    %rax,%rdi
   0x00000000004005f1 <+26>:    callq  0x400480 <strcpy@plt>
   0x00000000004005f6 <+31>:    leaveq 
   0x00000000004005f7 <+32>:    retq 

The thing I want to achieve is to find out what size the buffer at "[epb-120]" is. The thing I have tried was to set a breakpoint at 0x00000000004005e7 and let the code run, to then inspect the value of epb. So I did that and subtracted 0x120 from that value... but would that result be the absolute size of that buffer? Or is there some better way to find the size of that pointer? Thanks in advance


Solution

First off, the size of a pointer is always the same.

I am assuming you want to find out how big the buffer on the stack is that is used in the strcpy().

You cannot tell the exact size of the buffer. What you can tell is the following.

   0x00000000004005d7 <+0>:     push   %rbp
   0x00000000004005d8 <+1>:     mov    %rsp,%rbp
   0x00000000004005db <+4>:     add    $0xffffffffffffff80,%rsp

After the function prologue the stack pointer is decremented by 128 (0xffffffffffffff80 = -128). So we have space for 128 bytes of local variables.

   0x00000000004005e7 <+16>:    lea    eax, [epb-120]
   0x00000000004005eb <+20>:    mov    %rdx,%rsi
   0x00000000004005ee <+23>:    mov    %rax,%rdi
   0x00000000004005f1 <+26>:    callq  0x400480 <strcpy@plt>

Now, before the strcpy() the address of %ebp-120 is loaded into %eax which is moved to %rdi which in turn is used to pass the argument to the call to strcpy().

%ebp-120 tells us that the buffer starts 120 bytes below %ebp. So if there is no other variable between %ebp and %ebp-120, we can assume that the buffer is 120 bytes in size.

Please comment if this is unclear and I will try to improve the explanation.
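The reasoning in this answer (frame size from the prologue's adjustment of %rsp, buffer offset from the lea feeding strcpy's first argument, size bounded by the distance to %rbp) can be automated over a gdb disassembly dump. The script below is an added example, not code from the question or the answer. It assumes the listing is entirely in gdb's AT&T syntax, so the question's garbled `lea eax, [epb-120]` line is rendered as `lea -0x78(%rbp),%rax`; the sample listing is constructed from the question's function.

```python
import re

# Constructed sample: the function from the question, rendered fully in gdb's
# AT&T syntax (the page's "lea eax, [epb-120]" line is written here as
# "lea -0x78(%rbp),%rax", which is the same instruction).
SAMPLE_LISTING = """\
   0x00000000004005d7 <+0>:     push   %rbp
   0x00000000004005d8 <+1>:     mov    %rsp,%rbp
   0x00000000004005db <+4>:     add    $0xffffffffffffff80,%rsp
   0x00000000004005df <+8>:     mov    %rdi,-0x78(%rbp)
   0x00000000004005e3 <+12>:    mov    -0x78(%rbp),%rdx
   0x00000000004005e7 <+16>:    lea    -0x78(%rbp),%rax
   0x00000000004005eb <+20>:    mov    %rdx,%rsi
   0x00000000004005ee <+23>:    mov    %rax,%rdi
   0x00000000004005f1 <+26>:    callq  0x400480 <strcpy@plt>
   0x00000000004005f6 <+31>:    leaveq
   0x00000000004005f7 <+32>:    retq
"""

WORD_BITS = 64


def to_signed(value, bits=WORD_BITS):
    """Interpret an unsigned immediate as a two's-complement signed number."""
    value &= (1 << bits) - 1
    return value - (1 << bits) if value >> (bits - 1) else value


def parse_int(text):
    """Parse a gdb immediate/displacement given as hex (0x..) or decimal."""
    return int(text, 16 if text.startswith("0x") else 10)


def parse_instructions(listing):
    """Yield (mnemonic, operand-string) pairs from a gdb 'disassemble' dump."""
    pat = re.compile(r"^\s*0x[0-9a-f]+\s+<\+\d+>:\s+(\S+)\s*(.*)$")
    for line in listing.splitlines():
        m = pat.match(line)
        if m:
            yield m.group(1).rstrip("q"), m.group(2).strip()  # drop AT&T size suffix


def frame_size(instrs):
    """Bytes reserved below %rbp by 'sub $N,%rsp' or 'add $-N,%rsp' in the prologue."""
    for mnem, ops in instrs:
        m = re.fullmatch(r"\$(0x[0-9a-f]+|\d+),%rsp", ops)
        if m and mnem in ("sub", "add"):
            imm = to_signed(parse_int(m.group(1)))
            return -imm if mnem == "add" else imm
    return None


def rbp_offset(operand):
    """Return the signed displacement of an 'N(%rbp)' memory operand, or None."""
    m = re.fullmatch(r"(-?)(0x[0-9a-f]+|\d+)\(%rbp\)", operand)
    if not m:
        return None
    val = parse_int(m.group(2))
    return -val if m.group(1) else val


def strcpy_dest_offset(instrs):
    """Displacement from %rbp of the buffer passed as strcpy's first argument.

    Follows the answer's reasoning: the last 'lea off(%rbp),REG' before the
    call is the destination, provided REG (or a mov copy of it) ends up in %rdi.
    """
    lea_reg, lea_off, in_rdi = None, None, False
    for mnem, ops in instrs:
        parts = ops.rsplit(",", 1)
        if mnem == "lea" and len(parts) == 2:
            off = rbp_offset(parts[0])
            if off is not None:
                lea_reg, lea_off = parts[1], off
                in_rdi = parts[1] == "%rdi"
        elif mnem == "mov" and lea_reg is not None and len(parts) == 2:
            if parts[0] == lea_reg and parts[1] == "%rdi":
                in_rdi = True
        elif mnem.startswith("call") and "strcpy" in ops:
            return lea_off if in_rdi else None
    return None


def analyze(listing):
    """Bound the strcpy destination buffer from the listing alone."""
    instrs = list(parse_instructions(listing))
    frame = frame_size(instrs)
    dest = strcpy_dest_offset(instrs)
    if frame is None or dest is None or dest >= 0:
        return None
    # The buffer starts at %rbp+dest (dest negative) and can extend at most up
    # to %rbp, so -dest is an upper bound on its size. What occupies the
    # frame+dest bytes below it is not recoverable from the listing.
    return {
        "frame_bytes": frame,
        "buffer_offset": dest,
        "max_buffer_bytes": -dest,
        "bytes_below_buffer": frame + dest,
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_LISTING))
```

On the constructed listing this reports a 128-byte frame, a buffer at %rbp-120, an upper bound of 120 bytes for the buffer, and 8 bytes of frame below it that the listing says nothing about. The bound is what matters when triaging such a function: anything longer than that passed through the unbounded strcpy reaches the saved %rbp and return address.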

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow